---
title: Enhanced Security
Description: Secure transport with self-issued certificates.
---

# Guide: Enhanced Security for YoMo Network

`YoMo` supports in-transit encryption of communications between `Zipper`, `Source`, `StreamFucntion` using a central Certificate Authority(CA) .

`YoMo` allows operators and developers to bring in their own certificates, the `scripts` directory provides certificate generation scripts:

- generate_ca.sh
- generate_client.sh
- generate_server.sh

You can read it in the [README.md](https://github.com/yomorun/yomo/blob/master/scripts/README.md) file to create the relevant certificate.

By default, we use the `development` development mode and do not perform mutual `TLS` authentication between the server and the client. In a production environment, it is **strongly recommended** you modify the following environment variables:

- `YOMO_TLS_VERIFY_PEER`, Set the value to `true`
- `YOMO_TLS_CACERT_FILE`, CA certificate
- `YOMO_TLS_CERT_FILE`, Certificate
- `YOMO_TLS_KEY_FILE`, Private Key

In `Zipper`, `Source` the `StreamFucntion` instance configures the corresponding certificate file respectively.

Refer to Example [3-multi-sfn run settings](https://github.com/yomorun/yomo/blob/master/example/3-multi-sfn/Taskfile.yml) and uncomment some of the settings.
